package com.ticketbooking.controller.security;

import com.ticketbooking.constant.Constant;
import com.ticketbooking.entity.ManagerEntity;
import com.ticketbooking.entity.UserEntity;
import com.ticketbooking.service.IManagerDao;
import com.ticketbooking.service.IUserDao;
import com.ticketbooking.util.SecurityTool;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

import javax.annotation.Resource;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

/**
 * Created by huanghuichi on 2017/11/8.
 */
@Controller
@RequestMapping("/security")
public class securityController {

    @Resource
    private IUserDao userDao;

    @Resource
    private IManagerDao managerDao;

    @RequestMapping("/login")
    public String login() {
        return "security/login";
    }

    @RequestMapping("/checkpwd")
    public String checkPwd(HttpServletRequest request)throws ServletException, IOException {
        String managername = request.getParameter("name");
        String manpassword = request.getParameter("mpwd");
        ManagerEntity manager = null;
        if(managername!=null||manpassword!=null){
            manager = managerDao.getManagerByManname(managername);
        }
        //session保存管理者的名字,是否正确,以及他的权限
        HttpSession session= request.getSession();
        Boolean flag = setManagerSession(session,manager,manpassword);
        session.setAttribute("flag",flag);
        return "security/check";
    }

    /**
     * localhost:8888/security/checkbyJson.action
     * @param managername 管理员名字
     * @param manpassword 管理员密码
     * @return 信息(通过验证则是ok)
     */
    @RequestMapping("/checkbyJson")
    public String checkpwdByAJAX(String managername,String manpassword,HttpServletRequest request,Model model)throws ServletException, IOException{
        ManagerEntity manager = null;
        if(managername!=null||manpassword!=null){
            manager = managerDao.getManagerByManname(managername);
        }
        //session保存管理者的名字,是否正确,以及他的权限
        HttpSession session= request.getSession();
        Boolean flag = setManagerSession(session,manager,manpassword);
        session.setAttribute("flag",flag);
        HashMap result = new HashMap();
        if(flag){
            assert manager != null;
            result.put("permission",manager.getManpermission());
            result.put("manager",manager.getManname());
            result.put("ok",true);
        }else{
            result.put("ok",false);
        }
        model.addAttribute("result",result);
        return Constant.JSON_VIEW_OTHER;
    }

    /**
     * localhost:8888/security/changepwd.action
     * @param oldPwd 原密码
     * @param newPwd 新密码
     * @param managername 管理员名字
     * @param type 重置reset/修改change
     * @param request 请求信息
     * @return "msg"->"ok/错误信息"
     */
    @RequestMapping("/changepwd")
    public String changePwd(String oldPwd,String newPwd,String managername,String type,HttpServletRequest request,Model model)throws ServletException,IOException{
        if("reset".equals(type)){ //密码重置
            if(SecurityTool.isReturnJson("1",request)){
                managerDao.changePassword(newPwd,managername);
                model.addAttribute("msg","success");
            }
        }else if("change".equals(type)){
            ManagerEntity manager = managerDao.getManagerByManname(managername);
            if(oldPwd!=null&&oldPwd.equals(manager.getManpassword())){
                managerDao.changePassword(newPwd,managername);
                model.addAttribute("msg","success");
            }
        }
        return Constant.JSON_VIEW_OTHER;
    }

    private boolean setManagerSession(HttpSession session,ManagerEntity manager,String manpassword){
        boolean flag = false;
        if(manager!=null){
            if(manpassword.equals(manager.getManpassword())){
                flag = true;
                session.setAttribute("managername",manager.getManname());
                session.setAttribute("permission",manager.getManpermission());
            }
        }
        return flag;
    }

    /**
     * localhost:8888/security/logout.action 注销功能实现
     * @param request 请求者
     */
    @RequestMapping(value = "/logout")
    public String Logout(HttpServletRequest request,Model model)throws ServletException, IOException{
        HttpSession session = request.getSession();
        session.removeAttribute("managername");
        session.removeAttribute("permission");
        model.addAttribute("result",true);
        return Constant.JSON_VIEW_OTHER;
    }

    @RequestMapping("/register")
    public String register() {
        return "security/register";
    }

    @RequestMapping("/add")
    public String add(HttpServletRequest request){
        String id = request.getParameter("id");
        String userName = request.getParameter("uname");
        String password = request.getParameter("upwd");
        UserEntity user = new UserEntity();
        user.setId(id);
        user.setUserName(userName);
        user.setPassword(password);
        userDao.add(user);
        request.getSession().setAttribute("user",user);
        return "security/check";
    }
}
